It's very easy to make a regex that allows all, but catches simple errors: /.+@.+/. Maybe narrow down the domain name, but don't forget that trailing dots are valid in DNS names.
Why is everyone trying to check for things they don't have to? If you need a valid email address, of course you have to send an email for confirmation. anna@example.com is perfectly syntactically valid, but isn't useful to anyone for sending emails. If you optionally want your users to enter an email address, don't overcomplicate things.
> Why is everyone trying to check for things they don't have to?
I forgot where I read it (maybe something about testing or DDD), but an idea I like much is to not validate stuff coming from an external system other than for your internal constraints. You don't control an email account and how it was created and the specification is messy, so if you want to check for its existence, you query the other system. Same for other identifiers.
Why is everyone trying to check for things they don't have to? If you need a valid email address, of course you have to send an email for confirmation. anna@example.com is perfectly syntactically valid, but isn't useful to anyone for sending emails. If you optionally want your users to enter an email address, don't overcomplicate things.